This is an automated email from the ASF dual-hosted git repository.
eladkal pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/main by this push:
new 531eb41bff Metrics - Enabled encrypted OTel Endpoint (#32524)
531eb41bff is described below
commit 531eb41bff032e10ffd1f8941113e2a872ef78fd
Author: Deepchand Swami <[email protected]>
AuthorDate: Fri Jul 21 15:37:21 2023 +0530
Metrics - Enabled encrypted OTel Endpoint (#32524)
* Configured https on otel collector endpoint
* added otel ssl flag to config.yml
* better coding style used for otel ssl
* doc updated for enabling ssl at opentelemetry collector end
* Update the documentation to provide instructions on how to establish an
HTTPS connection to the OpenTelemetry collector
* renamed code block to yaml from yml as doc tests are failing
---------
Co-authored-by: Deep Swami <[email protected]>
---
airflow/config_templates/config.yml | 10 ++++++++++
airflow/metrics/otel_logger.py | 6 ++++--
.../logging-monitoring/metrics.rst | 17 +++++++++++++++++
3 files changed, 31 insertions(+), 2 deletions(-)
diff --git a/airflow/config_templates/config.yml
b/airflow/config_templates/config.yml
index fbaac698b0..9432b03d1f 100644
--- a/airflow/config_templates/config.yml
+++ b/airflow/config_templates/config.yml
@@ -1059,6 +1059,16 @@ metrics:
type: string
example: ~
default: "False"
+ otel_ssl_active:
+ description: |
+ If True, SSL will be enabled. Defaults to False.
+ To establish an HTTPS connection to the OpenTelemetry collector,
+ you need to configure the SSL certificate and key within the
OpenTelemetry collector's
+ config.yml file.
+ version_added: 2.7.0
+ type: string
+ example: ~
+ default: "False"
secrets:
description: ~
options:
diff --git a/airflow/metrics/otel_logger.py b/airflow/metrics/otel_logger.py
index 0cb3289cb5..3168e9ae65 100644
--- a/airflow/metrics/otel_logger.py
+++ b/airflow/metrics/otel_logger.py
@@ -386,6 +386,7 @@ def get_otel_logger(cls) -> SafeOtelLogger:
host = conf.get("metrics", "otel_host") # ex: "breeze-otel-collector"
port = conf.getint("metrics", "otel_port") # ex: 4318
prefix = conf.get("metrics", "otel_prefix") # ex: "airflow"
+ ssl_active = conf.getboolean("metrics", "otel_ssl_active")
# PeriodicExportingMetricReader will default to an interval of 60000
millis.
interval = conf.getint("metrics", "otel_interval_milliseconds",
fallback=None) # ex: 30000
debug = conf.getboolean("metrics", "otel_debugging_on")
@@ -394,8 +395,9 @@ def get_otel_logger(cls) -> SafeOtelLogger:
allow_list_validator = AllowListValidator(allow_list)
resource = Resource(attributes={SERVICE_NAME: "Airflow"})
- # TODO: figure out https instead of http ??
- endpoint = f"http://{host}:{port}/v1/metrics";
+
+ protocol = "https" if ssl_active else "http"
+ endpoint = f"{protocol}://{host}:{port}/v1/metrics"
logging.info("[Metric Exporter] Connecting to OpenTelemetry Collector at
%s", endpoint)
readers = [
diff --git
a/docs/apache-airflow/administration-and-deployment/logging-monitoring/metrics.rst
b/docs/apache-airflow/administration-and-deployment/logging-monitoring/metrics.rst
index 02279fbb03..e4bb1da68a 100644
---
a/docs/apache-airflow/administration-and-deployment/logging-monitoring/metrics.rst
+++
b/docs/apache-airflow/administration-and-deployment/logging-monitoring/metrics.rst
@@ -73,7 +73,24 @@ Add the following lines to your configuration file e.g.
``airflow.cfg``
otel_port = 8889
otel_prefix = airflow
otel_interval_milliseconds = 30000 # The interval between exports,
defaults to 60000
+ otel_ssl_active = False
+Enable Https
+-----------------
+
+To establish an HTTPS connection to the OpenTelemetry collector
+You need to configure the SSL certificate and key within the OpenTelemetry
collector's ``config.yml`` file.
+
+.. code-block:: yaml
+
+ receivers:
+ otlp:
+ protocols:
+ http:
+ endpoint: 0.0.0.0:4318
+ tls:
+ cert_file: "/path/to/cert/cert.crt"
+ key_file: "/path/to/key/key.pem"
Allow/Block Lists
-----------------
